website/lib/auth.php

116 lines
2.9 KiB
PHP
Raw Normal View History

<?
/*
auth.php
Authentication/Authorization function library
Copyright (C) 2000, 2001 Jeff Teunissen <deek@quakeforge.net>
This program is free software; you can redistribute it and/or
modify it under the terms of the GNU General Public License
as published by the Free Software Foundation; either version 2
of the License, or (at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
See the GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program; if not, write to:
Free Software Foundation, Inc.
59 Temple Place - Suite 330
Boston, MA 02111-1307, USA.
*/
have ('auth');
need ('table');
2002-02-22 07:22:34 +00:00
if (!defined ('_SQLCONSTS_')) {
define ('_SQLCONSTS_', 1);
require siteHome . '/../etc/sql.conf';
}
global $userInfo;
global $authRealm;
global $REMOTE_USER;
/* SQL definition for member list table
CREATE TABLE members (
u_key INT NOT NULL auto_increment PRIMARY KEY,
u_admin CHAR DEFAULT 'N' NOT NULL,
u_username TINYTEXT DEFAULT '' NOT NULL,
u_password TINYTEXT DEFAULT '' NOT NULL,
u_fullname TINYTEXT DEFAULT '' NOT NULL,
u_email TINYTEXT DEFAULT '' NOT NULL,
u_phone TINYTEXT DEFAULT '',
u_addr1 TINYTEXT DEFAULT '',
u_addr2 TINYTEXT DEFAULT '',
u_country TINYTEXT DEFAULT '',
u_secret TINYTEXT,
u_plan TEXT DEFAULT ''
);
*/
/*
authProcess
Authenticate user against SQL database
*/
function authProcess ($userName, $password)
{
$query = "SELECT u_password, 1 AS auth FROM members" .
" WHERE u_username='$userName'" .
" AND u_password=ENCRYPT('$password','$userName')";
$result = @mysql_fetch_array (@mysql_db_query (sqlDB, $query));
2002-02-22 05:29:05 +00:00
if ($result[auth]) {
2002-02-22 06:50:43 +00:00
return 1;
2000-07-14 05:43:36 +00:00
} else {
2002-02-22 06:50:43 +00:00
return 0;
}
}
/*
authBasicChallenge
Use HTTP Basic authentication to ask the user for their UN/PW
*/
function authBasicChallenge ($realm, $msg)
{
header ('WWW-Authenticate: Basic realm="' . $realm . '"');
header ('HTTP/1.0 401 Unauthorized');
die ($msg);
}
// Initialization
if (!$authRealm) {
$authRealm = "Secure Area";
}
if (!isset ($_SERVER['PHP_AUTH_USER'])) {
authBasicChallenge ($authRealm, "Login required.");
} else {
$userName = $_SERVER['PHP_AUTH_USER'];
$password = $_SERVER['PHP_AUTH_PW'];
}
$db = @mysql_connect (sqlHost, sqlUser, sqlPass);
if ($userName && $password) {
if (authProcess ($userName, $password) == 0) {
authBasicChallenge ($authRealm, "Login incorrect.");
}
} else {
authBasicChallenge ($authRealm, "Login incorrect.");
}
$_SERVER['REMOTE_USER'] = $REMOTE_USER = $userName;
2000-05-13 22:08:03 +00:00
$query = "SELECT * FROM members" .
" WHERE u_username='$userName'";
$userInfo = @mysql_fetch_assoc (@mysql_db_query (sqlDB, $query));
@mysql_close ($db);
?>